I have been getting alerts over the last few days about Nextgen Gallery having a security vulnerability. According to this site:
A vulnerability has been discovered in the NextGEN Gallery plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
The vulnerability is caused due to a bundled vulnerable version of swfupload.
You can see more about it here:
However, these warnings were posted only a day after 11/13/12, when a new update of NextGen Gallery was released (see here). According to the changelog:
Removed bundled version of swfupload
So why are these alerts appearing now, after the bundled version of swfupload was supposedly removed?